Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

FBI Encouraging Ransomware Victims To Report Infections

The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat.

The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat.

The agency, in tandem with the Internet Crime Complaint Center (IC3), issued a public service announcement on Thursday asking ransomware victims to come forward and share their stories. The FBI is hoping victims can supply either them or the IC3 with data about attacks, including:

The date they were infected

The ransomware variant that hit them

How the infection occurred

How much the attackers asked for

If they paid the ransom

The attackers’ Bitcoin wallet address

If they suffered any losses from the infection

As the IC3 usually requires with complaints, victims will be asked to include their name, address, telephone number and email in a complaint, in order for the agency to follow up with them.

The agency has been sounding the alarm over the ransomware for more than a year – first warning of schemes associated with the variant Cryptowall before describing several ransomware scenarios in March. In April it urged individuals implement a robust back up and recovery plan and to be wary of suspicious attachments in emails.

While the agency has always encouraged ransomware victims to contact their local FBI field office or file a complaint with the IC3, it wasn’t until this week that it explained exactly what sort of data it hopes to receive.

The agency acknowledges that victims may not want to come forward – either because of embarrassment, concerns over their privacy, their business reputation, or regulatory data breach reporting requirements but is urging users to report incidents regardless of the outcome. The PSA claims additional information about incidents will provide justification for further investigations and help the agency identify the attackers.

The FBI took the moment to again remind the general public that it does not support paying a ransom to regain access to their data, pointing out that paying a ransom doesn’t guarantee victims will regain access to their data and that by doing so it incentivizes adversaries to target other victims for profit.

Even if you pay the ransom, you might not get your files back. There’s no honor among thieves. Regardless, report it to FBI. #RansomwareFTC

The PSA echoes sentiments made last week by Will Bales, a Supervisory Special Agent in the Federal Bureau of Investigation’s Cyber Division, at a workshop on ransomware held by the Federal Trade Commission.

Panelists during a panel earlier that day discussed how companies can do a lot to eliminate the threat of ransomware up front by enforcing better basic cyber hygiene.

Bales, who spoke alongside experts from PriceWaterhouseCoopers’ cybersecurity division and Charles River Associates during a later panel – “What Happens If You Become a Victim?” – said the ransomware has been a constant threat for the agency.

“I live and breathe ransomware every single day,” Bales said, “We are fielding some kind of ransomware complaint literally every day through our 56 field offices.”

Bales went on to stress the importance of reporting ransomware incidents, and pointed out that information about attacks can be valuable since often, the same variant is affecting different victims.

“I can’t promise you’re going to have agents show up at your door or anything like that, each scenario is going to be very different depending on the ransomware incident and complaints,” Bales said of the process, “Ransomware is not affecting just one person or one business, it’s going to move on, or probably simultaneously affect someone else. ”

“These are difficult investigations. They are extremely difficult. The only way we can really move forward is with the help that’s brought to us,” Bales said.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.